1👍
✅
Depending on how you want your endpoint to be accessed and the level of publicity you can use 1 of 2 permissions.
Either AllowAny or IsAuthenticatedOrReadOnly
AllowAny will allow for anyone accessing each of the methods you’ve defined for the viewset.
IsAuthenticatedOrReadOnly will, by default, allow anyone to use the safe http methods GET, HEAD or OPTIONS on your endpoint but in order to POST, PUT/PATCH or DELETE you would need to be authenticated.
You add these to each of your endpoints for fine grained control
from rest_framework import permissions
class MyViewSet(viewsets.GenericViewSet):
permissions_classes = (permissions.AllowAny, )
Source:stackexchange.com